Kerberos Perfect Forward Secrecy
This document defines the use of a Diffie-Hellman exchange in Kerberos, both with AP-REQ/AP-REP (to protect against passive eavesdropping of a session by the realm administrator) and as a preauthentication method (to prevent a passive eavesdropper from capturing ciphertext with which an offline dictionary attack can be mounted).